Illegal robocalls are a “scourge.” So says FCC Chairman Ajit Pai, and most consumers likely agree. Both the FCC and the FTC (each of which has jurisdiction over some aspects of telemarketing regulation) are actively pursuing ways to curb illegal and fraudulent robocalls. The FCC issued a report and order in November 2017 authorizing telecommunications providers to block certain types of calls considered “highly likely to be illegitimate.” In late January 2018, the FTC responded with a staff letter expressing support for the FCC’s efforts and offering suggestions for addressing erroneously blocked calls.

Background: Robocalling and Caller ID Spoofing

A robocall is a pre-recorded automated call, usually for telemarketing purposes. While some robocalls are legitimate (emergency weather alerts and school announcements), many robocalls can be predatory or deceptive. In August 2017, the FTC issued a warning to Hurricane Harvey victims about a flood insurance scam perpetrated by robocalls, in which homeowners were advised that their flood premium was past due.

Robocalls have become a ubiquitous irritant. It’s estimated that in 2016 alone, U.S. consumers received more than 2.4 billion robocalls every month. The FTC reports receiving millions of complaints per year about unwanted phone calls. Coincidentally, the lead author of this post received two suspicious calls to her mobile phone in the time it took to prepare this blog post.

Marketing robocalls to mobile phone numbers are illegal under the Telephone Consumer Protection Act unless the caller has received prior express written consent from the called party. Unfortunately for consumers, technology has made it increasingly easy for scam artists to flout the law and avoid detection.

One of the most common (and illegal) means used by scammers is “Caller ID spoofing.” The caller intentionally falsifies the information transmitted to the recipient’s Caller ID, in order to disguise the caller’s identity. Again, some forms of Caller ID spoofing can be legitimate—for example, displaying the general telephone number of a business whenever an employee dials out. Illegitimate callers, however, trick the recipient into answering an unwanted call (which could lead to identity theft or fraud) by altering or manipulating the number that appears on Caller ID. Fraudulent Caller ID spoofing can come in the form of “No Caller ID” or a random phone number. Or, a robocaller might use a number with the same area code and three-digit prefix as the call recipient, to make the recipient think the call is from someone they know. This last approach is called “neighbor spoofing.”

The FCC has described Caller ID spoofing as “the key to making robocall scams work.” The Commission has taken a number of measures to encourage telecommunications companies to block illegal or fraudulent robocalls. Importantly, however, these companies must not block legitimate calls, since call blocking is illegal under Section 201(b) of the Communications Act, and the practice of call blocking can subject a company to liability. Therefore, federal agencies tackling the problem of robocalling and Caller ID spoofing must provide sufficient clarity to the industry on precisely what types of calls should or should not be blocked.

November 2017: FCC Report and Order Authorizing Robocall Blocking by Providers

The FCC has taken a number of steps to limit the prevalence of fraudulent or illegal robocalls. In November 2017, the FCC issued a Report and Order and Further Notice of Proposed Rulemaking (Report and Order) tackling Caller ID spoofing by allowing carriers to proactively block types of calls that are likely to be illegitimate robocalls.

Titled “Advanced Methods to Target and Eliminate Unlawful Robocalls,” the Report and Order identifies four “specific, well-defined circumstances in which voice service providers may block calls that are highly likely to be illegitimate because there is no lawful reason to spoof certain kinds of numbers.” Blocking these four types of calls will not, the FCC assures providers, “violate the call completion rules.”

DNO request. Carriers may block calls purporting to be from a phone number placed on a “do not originate” (DNO) list by the number’s subscriber.

Invalid numbers.Carriers may block calls from invalid numbers. Examples include numbers that use an unassigned area code, or an abbreviated dialing code, such as 91155 or 411, in place of an area code; numbers that do not contain the requisite number of digits; and numbers that repeat a single digit, such as 000-000-0000.

Un-allocated numbers. The FCC also will permit carriers to block calls originating from numbers that are valid, but have not yet been allocated to any provider.

Un-used numbers. Finally, the FCC will allow carriers to block calls that are allocated to a provider, but “unused” in the sense of not being assigned to a subscriber, i.e. a consumer.

The new rules set forth in the Report and Order do not cover text messages, and the FCC continues to prohibit the blocking of emergency calls.

The FCC acknowledges that the rules promulgated by the Report and Order risk blocking legitimate calls erroneously. To address this risk, the FCC “strongly encourages” carriers to set up a transparent process by which legitimate callers can challenge a blocked number, and receive a prompt resolution. The FCC sought comment on the best ways to resolve erroneously blocked calls, for example through a formal “challenge” process with agreed-upon timeframes for resolution.

Four of the five commissioners on the FCC (including Chairman Pai) voted to approve this Report and Order. Commissioner Jessica Rosenworcel dissented from the measure, citing a “great flaw” in the Report and Order’s failure to prevent carriers from charging consumers for call-blocking services.

January 2018: FTC’s Response

On January 31, 2018, the FTC submitted a staff letter in response to the FCC’s request for comments about how to address erroneously blocked calls. (A staff letter must be approved by the FTC Commissioners but represents the views of the FTC staff and not the Federal Trade Commission.) The letter expressed support for FCC’s efforts to identify types of calls that are likely illegitimate and thus susceptible to blocking.

Nevertheless, the FTC was critical of the Report and Order on two points. First, FTC staff questioned the “need to require a formal challenge mechanism for errors resulting from provider-based call blocking.” As the FTC pointed out, carriers are already on notice “that erroneous blocking may lead to liability for violating call completion rules.” The FTC staff took the position that these pre-existing rules obviate the need for a formal challenge process. In other words, “assessing the need for requiring provider-based mechanisms to mitigate erroneously blocked calls might best be done when and if the FCC considers further expansion of provider-based call blocking authority.”

Moreover, the FTC staff indicated that the risk of a carrier blocking a legitimate call erroneously is “low,” but “not zero.” The FTC letter reported on “considerable confusion among subscribers and marketers about the amount and type of call-blocking occurring at the provider level.” FTC recommended a number of approaches to address this confusion:

Communicating clearly to subscribers the types of calls that are being blocked;

The FTC staff also spoke against the use of centralized “white lists” containing known legitimate telephone numbers. Citing “security concerns,” the FTC fears such lists could become a “de facto master key” for robocallers to thwart all blocking efforts by simply spoofing the “white listed” numbers.

About

More than a news source, the Data Protection Report provides thought leadership on emerging privacy, data protection and cybersecurity issues, and helps its readers proactively address risks and anticipate next steps in this crucial emerging field.